Every organization today needs a multi-layer security strategy to protect its enterprise from the multitude of cyber security threats that exist today; While one cannot underestimate the importance of an email security gateway, web filtering solution, or endpoint protection system, there is no question as to the prominence of an enterprise firewall.
The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are […]
If you work in the information security industry go ahead and give yourself a pat on the back. In 2012 information security professionals enjoyed one of the lowest unemployment rates in the country according to the United States Bureau of Labor Statistics. In my line of work I often come across IT and various other […]
Yes, it’s another information security predictions article – security hiring trends. No, I won’t be discussing APT, China, or anything involving our favorite prefix, “cyber.” Instead, here’s a brief glimpse at what we infosec recruiters are seeing in terms of enterprise demands for cyber security roles. While all infosec positions, from firewall jockey to CISO, […]
Information security laws and regulations are telling us to conduct risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and don’t understand […]
Over the past few weeks we’ve seen news coming out of the Edward Snowden leaks that we’ve been able to either shrug off or become perturbed by, depending on the details of each leak. But this past week, new information was revealed regarding a serious violation of trust. This time, reactions from security professionals are […]
Early on in my information security career I was auditing a firm that conducted complex economic analyses for their clients. They processed a lot of personal information and they wanted to be sure they were applying appropriate controls to safeguard that information. Part of their business model was to charge their clients per hour for […]
The Hackers Heckling. The Black Hat convention is under way today in Las Vegas, and there, before a group of information-security-minded individuals, stood General Keith Alexander, Director of the NSA, getting heckled by conference attendees. Their complaints were targeted at the NSA’s surveillance activities and Director Alexander’s dubious testimony to Congress about those activities.
Most of my information security focus these past few years has concentrated on managing risks and governance, but this was not always the case. I came into this profession as a technologist and manager who focused on team building, turn-arounds and doing a lot with few resources. But as my career moved from technology operations […]
Last week I presented a topic here at Halock’s blog site on the Hand Rule, also known as the “Calculus of Negligence.” The basic message of the post was that we can use information risk assessments to help us keep our security costs to a reasonable level, but only by describing how we would arrive […]